By kannthu
The "Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion" module is designed to detect a vulnerability in the Eibiz i-Media Server Digital Signage software version 3.8.0. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access and information disclosure. The severity of this vulnerability is classified as high.
If successfully exploited, the local file inclusion vulnerability in the Eibiz i-Media Server Digital Signage 3.8.0 can have serious consequences. An attacker can access sensitive files on the server, such as configuration files, user credentials, or other sensitive information. This can lead to further attacks, data breaches, or unauthorized access to the system.
The module works by sending a specific HTTP request to the target server. The request includes a path parameter that attempts to access a file outside of the intended directory structure. The module then analyzes the response body for specific keywords: "bit app support", "fonts", and "extensions". These strings appear in a default Windows win.ini file, so finding them in the response indicates that the server returned the file's contents and that the local file inclusion vulnerability is present.
Example HTTP request:
GET /dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null
The module uses matching conditions to determine if the vulnerability is present. In this case, it checks if the response body contains the specified keywords and uses the "and" condition to ensure all keywords are present. If the conditions are met, the module reports the vulnerability.
It is important to address and fix this vulnerability promptly to prevent potential unauthorized access and data leakage.
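While a fix is pending, web server logs can be reviewed for requests shaped like the one above. The following is an added example, not part of the Vidoc module: it flags access-log entries that hit the /dlibrary/ path with a traversing oldfile value. The combined log format, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
# A ".." path segment delimited by "/" or "\" (the target runs on Windows).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_probe(target):
    """True if the request targets /dlibrary/ with a traversing oldfile value."""
    parts = urlsplit(target)
    if not fully_decode(parts.path).lower().startswith("/dlibrary/"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(TRAVERSAL_RE.search(fully_decode(v)) for v in params.get("oldfile", []))


def scan(lines):
    """Return (line_number, request_target) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_probe(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /dlibrary/null?oldfile=..%2f..%2fwindows%2fwin.ini&library=null HTTP/1.1" 200 512',
    '203.0.113.20 - - [01/Jan/2024:10:01:00 +0000] "GET /dlibrary/null?oldfile=banner.png&library=main HTTP/1.1" 200 2048',
    '203.0.113.20 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only shows that the request was received; the response size and status in the same log entry help decide whether file contents were actually returned.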